sandbox (coder)
Published 2026-03-11 18:55:43 -07:00 by agent
Installation
docker pull git.brads.house/commune/sandbox:codersha256:9b8555aee26ceaf520b1377e7f197e0189cf5fc4792ff6b73cde90c9bc2fa23fImage layers
| # debian.sh --arch 'amd64' out/ 'bookworm' '@1771804800' |
| ENV DEBIAN_FRONTEND=noninteractive |
| RUN /bin/sh -c apt-get update && apt-get install -y --no-install-recommends bash ca-certificates curl git gnupg jq less nano python3 python3-pip python3-venv ripgrep tree unzip wget zip zstd && rm -rf /var/lib/apt/lists/* # buildkit |
| RUN /bin/sh -c ln -sf /bin/bash /bin/sh # buildkit |
| RUN /bin/sh -c curl -fsSL https://deb.nodesource.com/setup_22.x | bash - && apt-get install -y nodejs && rm -rf /var/lib/apt/lists/* # buildkit |
| RUN /bin/sh -c curl -fsSL https://go.dev/dl/go1.24.1.linux-amd64.tar.gz | tar -xzf - -C /usr/local && /usr/local/go/bin/go install github.com/f/mcptools/cmd/mcptools@latest && /usr/local/go/bin/go install github.com/steipete/goplaces/cmd/goplaces@latest && mv /root/go/bin/mcptools /usr/local/bin/ && mv /root/go/bin/goplaces /usr/local/bin/ && ln -s /usr/local/bin/mcptools /usr/local/bin/mcp && rm -rf /usr/local/go /root/go # buildkit |
| RUN /bin/sh -c curl -fsSL https://github.com/doy/rbw/releases/download/1.15.0/rbw_1.15.0_linux_amd64.tar.gz | tar -xzf - -C /usr/local/bin rbw rbw-agent # buildkit |
| RUN /bin/sh -c curl -LsSf https://astral.sh/uv/install.sh | sh && mv /root/.local/bin/uv /usr/local/bin/uv && mv /root/.local/bin/uvx /usr/local/bin/uvx # buildkit |
| RUN /bin/sh -c python3 -m venv /opt/venv && . /opt/venv/bin/activate && uv pip install git+https://git.brads.house/commune/bloc && uv pip install git+https://git.brads.house/brad/sigil # buildkit |
| ENV PATH=/opt/venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
| RUN /bin/sh -c printf '#!/bin/bash\necho "OK"\nwhile IFS= read -r cmd || [[ -n "$cmd" ]]; do\n case "$cmd" in\n GETPIN)\n PROFILE_SUFFIX="${RBW_PROFILE:+-$RBW_PROFILE}"\n PASSWORD=$(cat "$HOME/.config/rbw${PROFILE_SUFFIX}/master_password" 2>/dev/null | tr -d "\\n")\n echo "D $PASSWORD"\n echo "OK"\n ;;\n BYE|QUIT) echo "OK"; exit 0 ;;\n *) echo "OK" ;;\n esac\ndone\n' > /usr/local/bin/pinentry-rbw && chmod +x /usr/local/bin/pinentry-rbw && ln -sf /usr/local/bin/pinentry-rbw /usr/bin/pinentry # buildkit |
| RUN /bin/sh -c npm install -g openclaw # buildkit |
| RUN /bin/sh -c apt-get update && apt-get install -y --no-install-recommends python3-yaml && rm -rf /var/lib/apt/lists/* # buildkit |
| RUN /bin/sh -c pip3 install --no-cache-dir --break-system-packages vl-convert-python # buildkit |
| COPY load-agent-config.py /usr/local/bin/load-agent-config # buildkit |
| RUN /bin/sh -c chmod +x /usr/local/bin/load-agent-config # buildkit |
| COPY agent-config.sh /etc/profile.d/agent-config.sh # buildkit |
| ENV BASH_ENV=/etc/profile.d/agent-config.sh |
| RUN /bin/sh -c useradd --uid 1001 --create-home --shell /bin/bash sandbox # buildkit |
| RUN /bin/sh -c git config --system --add safe.directory '*' # buildkit |
| ENV SHELL=/bin/bash |
| ENV WORKSPACE_PATH=/workspace |
| USER sandbox |
| WORKDIR /home/sandbox |
| CMD ["sleep" "infinity"] |
| USER root |
| RUN /bin/sh -c apt-get update && apt-get install -y --no-install-recommends build-essential python3-venv shellcheck fd-find && rm -rf /var/lib/apt/lists/* # buildkit |
| RUN /bin/sh -c npm install -g @rigour-labs/cli @rigour-labs/mcp # buildkit |
| RUN /bin/sh -c rm -f /usr/bin/sg && npm install -g @ast-grep/cli # buildkit |
| RUN /bin/sh -c npm install -g tree-sitter-cli # buildkit |
| ARG DIFFT_VERSION=0.67.0 |
| RUN |1 DIFFT_VERSION=0.67.0 /bin/sh -c wget -qO difft.tar.gz "https://github.com/Wilfred/difftastic/releases/download/${DIFFT_VERSION}/difft-x86_64-unknown-linux-gnu.tar.gz" && tar -xzf difft.tar.gz -C /usr/local/bin difft && rm difft.tar.gz && difft --version # buildkit |
| RUN |1 DIFFT_VERSION=0.67.0 /bin/sh -c pip3 install --no-cache-dir --break-system-packages ruff # buildkit |
| RUN |1 DIFFT_VERSION=0.67.0 /bin/sh -c ln -sf /usr/bin/fdfind /usr/local/bin/fd # buildkit |
| USER sandbox |
| WORKDIR /home/sandbox |
| CMD ["sleep" "infinity"] |